{
  "total": 11,
  "items": [
    {
      "citing_arxiv_id": "2605.31042",
      "ref_index": 13,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "From Prompt Injection to Persistent Control: Defending Agentic Harness Against Trojan Backdoors",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-29T09:19:07+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "Introduces ClawTrojan benchmark achieving 95.5% ASR for multi-step trojan attacks in agentic harnesses and DASGuard defense that sanitizes control content from untrusted sources.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.22321",
      "ref_index": 22,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Benchmarking Autonomous Agents against Temporal, Spatial, and Semantic Evasions",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-21T11:07:51+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "A3S-Bench evaluates LLM agents against temporal, spatial, and semantic evasions, raising average risk trigger rates from 28.3% to 52.6% across 2,254 trajectories and 20 scenarios.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.17986",
      "ref_index": 31,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "LivePI: More Realistic Benchmarking of Agents Against Indirect Prompt Injection",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-18T07:41:35+00:00",
      "verdict": null,
      "verdict_confidence": null,
      "novelty_score": null,
      "formal_verification": null,
      "one_line_summary": null,
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.16537",
      "ref_index": 8,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Nori Bot: A Sub-$1,000 Floor-to-Counter Mobile Manipulator",
      "primary_cat": "cs.RO",
      "submitted_at": "2026-05-15T18:33:21+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 3.0,
      "formal_verification": "none",
      "one_line_summary": "Nori Bot is a 17-DoF dual-arm mobile manipulator costing $947 with a 600 mm Z-axis lift, Raspberry Pi proactive control, and current-based servo protection.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.11047",
      "ref_index": 9,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-05-11T13:20:02+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "DeepTrap automates discovery of contextual vulnerabilities in OpenClaw agents via trajectory optimization, showing that unsafe behavior can be induced while preserving task completion and that final-response checks are insufficient.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2605.10038",
      "ref_index": 32,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "TimeClaw: A Time-Series AI Agent with Exploratory Execution Learning",
      "primary_cat": "cs.AI",
      "submitted_at": "2026-05-11T06:09:17+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 7.0,
      "formal_verification": "none",
      "one_line_summary": "TimeClaw is an exploratory execution learning system that turns multiple valid tool-use paths into hierarchical distilled experience for improved time-series reasoning without test-time adaptation.",
      "context_count": 1,
      "top_context_role": "background",
      "top_context_polarity": "background",
      "context_text": "Wagle, and K. Koishida, \"CUA-Skill: Develop skills for computer using agent,\" arXiv preprint arXiv:2601.21123, 2026. [31] S. Liu, C. Li, C. Wang, J. Hou, Z. Chen, L. Zhang, Z. Liu, Q. Ye, Y. Hei, X. Zhang, and Z. Wang, \"ClawKeeper: Comprehensive safety protection for OpenClaw agents through skills, plugins, and watchers,\" arXiv preprint arXiv:2603.24414, 2026. [32] W. Ye, W. Yang, D. Cao, Y. Zhang, L. Tang, J. Cai, and Y. Liu, \"Domain-oriented time series inference agents for reasoning and automated analysis,\" arXiv preprint arXiv:2410.04047, 2024. [33] G. Jalori, P. Verma, and S. O. Arık, \"FLAIRR-TS: Forecasting LLM-agents with iterative refinement and retrieval for time series,\" in Findings of the Association for Computational"
    },
    {
      "citing_arxiv_id": "2605.07110",
      "ref_index": 139,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "Securing Computer-Use Agents: A Unified Architecture-Lifecycle Framework for Deployment-Grounded Reliability",
      "primary_cat": "cs.CL",
      "submitted_at": "2026-05-08T01:38:46+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 4.0,
      "formal_verification": "none",
      "one_line_summary": "The paper develops a unified framework that organizes computer-use agent reliability around perception-decision-execution layers and creation-deployment-operation-maintenance stages to map security and alignment interventions.",
      "context_count": 1,
      "top_context_role": "background",
      "top_context_polarity": "background",
      "context_text": "earlier. Attack names alone are not enough. The recent CUA security corpus reflects that widening scope. It spans visual prompt injection, harmful-task benchmarking, action rebinding, adversarial backdoors, runtime guardrails, permission scoping, dark-pattern manipulation, privacy-focused evaluation, and runtime monitoring or mediation [36], [124], [139]-[147]. Safety benchmarks such as MobileSafetyBench, ST-WebAgentBench, OS-BLIND, and RiosWorld further indicate that harmful-task completion, policy-noncompliant behavior, and benign-intent failure have become explicit evaluation targets rather than incidental by-products of general task completion [49], [148]-[150]. That literature expands the attack inventory and suggests that risk conditions"
    },
    {
      "citing_arxiv_id": "2604.24920",
      "ref_index": 1,
      "ref_count": 2,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "SUDP: Secret-Use Delegation Protocol for Agentic Systems",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-27T19:02:08+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "SUDP is a three-party protocol in which an agent proposes an operation, the user issues a fresh grant, and a custodian executes it, satisfying seven security properties for bounded secret use without reusable authority transfer.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.18652",
      "ref_index": 13,
      "ref_count": 2,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "From Craft to Kernel: A Governance-First Execution Architecture and Semantic ISA for Agentic Computers",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-20T05:25:37+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "Arbiter-K is a governance-first architecture that turns probabilistic agent reasoning into discrete instructions with runtime taint propagation to block unsafe actions, reporting 76-95% interception rates and a 92.79% gain over baseline policies on two test systems.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.16762",
      "ref_index": 25,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "CapSeal: Capability-Sealed Secret Mediation for Secure Agent Execution",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-18T00:23:32+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 5.0,
      "formal_verification": "none",
      "one_line_summary": "CapSeal introduces a capability-sealed broker architecture that lets AI agents perform constrained secret-using actions without ever receiving the secrets themselves.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    },
    {
      "citing_arxiv_id": "2604.03131",
      "ref_index": 3,
      "ref_count": 1,
      "confidence": 0.9,
      "is_internal_anchor": false,
      "paper_title": "A Systematic Security Evaluation of OpenClaw and Its Variants",
      "primary_cat": "cs.CR",
      "submitted_at": "2026-04-03T15:52:36+00:00",
      "verdict": "UNVERDICTED",
      "verdict_confidence": "LOW",
      "novelty_score": 6.0,
      "formal_verification": "none",
      "one_line_summary": "All six evaluated OpenClaw agent frameworks exhibit substantial security vulnerabilities, with reconnaissance behaviors as the most common weakness and agent systems proving significantly riskier than isolated backbone models.",
      "context_count": 0,
      "top_context_role": null,
      "top_context_polarity": null,
      "context_text": null
    }
  ],
  "limit": 50,
  "offset": 0
}
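The propose / grant / execute shape that the SUDP and CapSeal summaries above describe (agent proposes an operation, user issues a fresh grant, a custodian that holds the secret executes it, no reusable authority reaches the agent), as an added illustrative sketch. This is not code from either paper or from any project listed on this page, and it does not claim to reproduce their protocols or security properties; the JSON operation description, the HMAC-signed grant with nonce and expiry, the hypothetical `http_get` action, and the stand-in authorization step are all assumptions made for the example.

```python
"""
Illustrative three-party secret-use mediation (added example, not from the cited papers).

Roles: Agent proposes an operation but never holds the secret; User signs a fresh,
single-use grant bound to exactly that operation; Custodian holds the secret and
executes only operations covered by a valid, unexpired, unused grant.
Message format, HMAC grant scheme and the http_get action are assumptions.
"""
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass, field


def operation_digest(op: dict) -> str:
    """Canonical hash of a proposed operation so a grant binds to exactly one operation."""
    canonical = json.dumps(op, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def _grant_tag(key: bytes, body: dict) -> str:
    """HMAC over the canonical grant body; shared by issuer and verifier."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()


class User:
    """Holds the grant-signing key. Each grant is fresh: new random nonce, short expiry."""

    def __init__(self, grant_key: bytes) -> None:
        self._grant_key = grant_key

    def issue_grant(self, op: dict, ttl_s: int = 60, now=None) -> dict:
        now = time.time() if now is None else now
        body = {"op_digest": operation_digest(op), "nonce": os.urandom(16).hex(), "exp": int(now) + ttl_s}
        return {**body, "tag": _grant_tag(self._grant_key, body)}


@dataclass
class Custodian:
    """Holds the real secret and the grant-verification key; enforces one use per grant."""

    secret: str
    grant_key: bytes
    _used_nonces: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def execute(self, op: dict, grant: dict, now=None) -> dict:
        now = time.time() if now is None else now
        body = {k: grant.get(k) for k in ("op_digest", "nonce", "exp")}
        if not hmac.compare_digest(_grant_tag(self.grant_key, body), str(grant.get("tag", ""))):
            return self._deny("bad_signature")
        if now > body["exp"]:
            return self._deny("expired")
        if body["op_digest"] != operation_digest(op):
            return self._deny("operation_mismatch")  # grant does not cover this operation
        if body["nonce"] in self._used_nonces:
            return self._deny("replay")  # a grant confers no reusable authority
        self._used_nonces.add(body["nonce"])
        result = self._perform(op)  # the secret is used here and only here
        self.audit.append(("ok", body["nonce"]))
        return {"ok": True, "result": result}

    def _perform(self, op: dict) -> str:
        # Constructed stand-in for a call that needs the secret (e.g. building an auth header).
        assert op["action"] == "http_get", "only http_get is modelled in this example"
        auth = hashlib.sha256((self.secret + op["url"]).encode()).hexdigest()[:8]
        return f"GET {op['url']} authed={auth}"

    def _deny(self, reason: str) -> dict:
        self.audit.append(("deny", reason))
        return {"ok": False, "reason": reason}


class Agent:
    """Proposes operations; it only ever sees the custodian's outcome, never the secret."""

    def propose(self, url: str) -> dict:
        return {"action": "http_get", "url": url}


def demo() -> list:
    """Runs the happy path plus the three denials a practitioner would want to see."""
    grant_key = os.urandom(32)
    user, custodian, agent = User(grant_key), Custodian("sk_live_example", grant_key), Agent()
    op = agent.propose("https://api.example.test/v1/balance")  # constructed sample input
    grant = user.issue_grant(op)
    return [
        custodian.execute(op, grant),                                                   # ok
        custodian.execute(op, grant),                                                   # replay
        custodian.execute(agent.propose("https://evil.test/x"), user.issue_grant(op)),  # mismatch
        custodian.execute(op, user.issue_grant(op, ttl_s=1, now=0), now=100),           # expired
    ]


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The point of the split is that the agent's compromise (by prompt injection, a trojaned skill, or any of the evasions the other summaries list) cannot become a reusable credential: the worst it can do is propose operations, each of which still needs a fresh, operation-bound grant from the user.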